3cx System and a VPN tunnel for SIP traffic

Discussion in '3CX Phone System - General' started by Ben Beige, Oct 9, 2017.

Tags:
Thread Status:
Not open for further replies.
  1. Ben Beige

    Joined:
    Aug 1, 2017
    Messages:
    7
    Likes Received:
    0
    I've setup openVPN on an existing 3cx install to connect to an Asterisk instance that is providing a SIP trunk to replace an old PRI. this configuration works fine for outbound calls, but inbound calls run into issues w/ RTP not reaching the LAN IP on the interface.

    09-Oct-2017 15:41:06.390 Leg L:62.2[Extn:230] is terminated: Cause: BYE from 172.18.253.121:3072
    09-Oct-2017 15:41:01.807 Currently active calls - 1: [62]
    09-Oct-2017 15:40:38.058 [MS105000] C:61.1: No RTP packets were received:remoteAddr=10.8.0.1:14074,extAddr=0.0.0.0:0,localAddr=172.18.253.10:10256
    09-Oct-2017 15:40:36.610 Leg L:61.1[Line:10000<<4125555555] is terminated: Cause: BYE from PBX​

    the VPN IPs are 10.8.0.1 (asterisk) / 10.8.0.6 (3cx)
    (inbound number has been anonymized in the logs)

    Can I make 3cx listen on both interfaces?
     
  2. Ben Beige

    Joined:
    Aug 1, 2017
    Messages:
    7
    Likes Received:
    0
    Route info from teh 3cx server:
    ===========================================================================
    Interface List
    19...00 ff 25 cc ba c1 ......TAP-Windows Adapter V9
    11...00 9c 02 a0 45 a3 ......Broadcom NetXtreme Gigabit Ethernet
    1...........................Software Loopback Interface 1
    12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
    13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 172.18.253.1 172.18.253.10 266
    10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 20
    10.8.0.4 255.255.255.252 On-link 10.8.0.6 276
    10.8.0.6 255.255.255.255 On-link 10.8.0.6 276
    10.8.0.7 255.255.255.255 On-link 10.8.0.6 276
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    172.18.253.0 255.255.255.0 On-link 172.18.253.10 266
    172.18.253.10 255.255.255.255 On-link 172.18.253.10 266
    172.18.253.255 255.255.255.255 On-link 172.18.253.10 266
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 172.18.253.10 266
    224.0.0.0 240.0.0.0 On-link 10.8.0.6 276
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 172.18.253.10 266
    255.255.255.255 255.255.255.255 On-link 10.8.0.6 276
    ===========================================================================
    Persistent Routes:
    Network Address Netmask Gateway Address Metric
    0.0.0.0 0.0.0.0 172.18.253.1 Default
    ===========================================================================
     
  3. StefanW

    StefanW Head of Customer Support and Training
    Staff Member 3CX Support

    Joined:
    Jun 2, 2009
    Messages:
    1,218
    Likes Received:
    90
    first of all, VPN adapter should NOT be used and installed on 3CX hosts!

    https://www.3cx.com/docs/manual/installation-windows/

    • Do not install VPN software on your 3CX Server.
    • Ensure that all power saving options for your System and Network adapters are disabled (Set the system to High Performance).
    • Do not install TeamViewer VPN Option on the host machine.
    • Disable Bluetooth adapters if it is a client PC.
    • 3CX Phone System must not be installed on a host which is a DNS or DHCP server, has MS SharePoint or Exchange services installed.
    Kindly change the setup to a routing gateway for VPN needs first before proceeding!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Ben Beige

    Joined:
    Aug 1, 2017
    Messages:
    7
    Likes Received:
    0
    I may have over engineered my setup, and spent too much time in the asterisk world on this, as most of our asterisk PBXs are also openVPN servers. It turns out we have a tunnel to this site I am getting my network admins to just open ports for me.
     
Thread Status:
Not open for further replies.